
I'm building an AJAX-enabled web application in which I'm accepting inputs from the user or sometimes building a query string based on user action.

Using Firebug or other tools, anyone can inspect and view the data being sent to the server.

I would like to know how to validate query variables on the server side using Java to detect malicious scripts being sent to the server.

Thanks.

skaffman
Chinmayee G
  • 2
    Look at this thread: http://stackoverflow.com/questions/3410526/how-to-implement-a-possibility-for-user-to-post-some-html-formatted-data-in-a-saf – Roman Nov 11 '10 at 10:34
  • 3
    Duplicate of http://stackoverflow.com/questions/2658922/xss-prevention-in-java In short: don't validate them. Escape them **anyway**. – BalusC Nov 11 '10 at 12:39
